Reconciliation Software - In Scope? 1682



  • We use software package to automate our bank reconciliation process and are considering whether we need to evaluate the IT General Controls over it.
    Argument for is: Bank rec is an IT Dependent manual control that depends on the particular piece of software and as the control is key we need to assess the controls over the application.
    Argument against is: application is more akin to end-user computing i.e. a more robust Excel, and as it is only supporting a reconciliation we need only look at the access controls, etc at a high level.
    As I could argue either scenario I would appreciate any thoughts that you may have



  • Denis,
    Is this application software used ‘off the shelf’ with minor user-defined criteria, or is it one where there is some customization done by a programmer? Our general criteria is that ‘off the shelf’ products only undergo high-level access reviews from a SOX perspective whereas software that has been or can be customized by a programmer is subject to the more thorough system controls (change control, etc.).
    Is this ReconNet by chance?



  • It is off the shelf. BankRec by Accurate Software.
    I am thinking more along the ‘high-level’ rooute myself.



  • We have followed the high level route for our off the shelf package. We have looked more closely at changes made to the matching arguments though because we found the team maintaining the system were able to adapte these when they spotted one that didn’t work. Other than that it was high level with asurances on data feeds and timely clearance of reconciling items.


Log in to reply